Preparation

Preparation involves eliminating unnecessary sources of risk before they can be attacked. Steps you should take include these:

Invest time in planning—
If you want to be really diligent about security, outline how you plan to implement each of the strategies I describe in this chapter.

Structure your network to restrict unauthorized access—
If you can minimize the number of ways to get into and out of your home or office network, you can focus your security attention on the remaining ways. Do you really need to have each computer use its own modem to connect to the Internet, when you could share one Internet connection? Do you want to permit access from the Internet directly into your network, indirectly via a Virtual Private Network (VPN), or not at all? Eliminating points of access reduces risk, but also convenience. You’ll have to decide where to strike the balance.

If you’re concerned about unauthorized in-house access to your computers, be sure that every user account is set up with a good password—one with letters and numbers or punctuation. Unauthorized network access is less of a problem with Simple File Sharing, as all network users are treated the same, but you must ensure that an effective firewall is in place between your LAN and the Internet. I’ll show you how to use the Windows firewall later in this chapter.

Install only needed services—
The less network software you have installed, the less you’ll have to maintain through updates, and the fewer potential openings you’ll offer to attackers.

For example, don’t install software like ICQ unless you really need it. The optional “Simple TCP Services” network service provides no useful function; it offers only archaic services that make great denial-of-service attack targets. Don’t install it.
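To check whether Simple TCP Services is exposed on a machine, you can look for its listening ports in the output of netstat -an. The following is an added example, not from the original text: the function name and the sample output are constructed for illustration, and the port list is the standard assignment for the five services (echo, discard, daytime, quote of the day, character generator).

```python
# Well-known ports of the five services in Windows "Simple TCP/IP Services".
SIMPLE_TCP_PORTS = {7: "echo", 9: "discard", 13: "daytime", 17: "qotd", 19: "chargen"}

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:7              0.0.0.0:0              LISTENING
  TCP    0.0.0.0:19             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1042      192.168.0.20:7         ESTABLISHED
  TCP    [::]:13                [::]:0                 LISTENING
  UDP    0.0.0.0:19             *:*
  UDP    0.0.0.0:123            *:*
"""


def find_simple_tcp_listeners(netstat_text):
    """Return sorted (proto, port, service) tuples for open Simple TCP Services ports."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # skip headers and blank lines
        proto, local = fields[0], fields[1]
        # TCP rows count only when LISTENING; UDP rows have no state column.
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        # The port follows the last colon, which also handles IPv6 "[::]:13".
        port_text = local.rsplit(":", 1)[-1]
        if not port_text.isdigit():
            continue
        port = int(port_text)
        if port in SIMPLE_TCP_PORTS:
            found.add((proto, port, SIMPLE_TCP_PORTS[port]))
    return sorted(found)


if __name__ == "__main__":
    for proto, port, name in find_simple_tcp_listeners(SAMPLE_NETSTAT):
        print(f"{proto}/{port} ({name}) is open: remove Simple TCP Services")
```

To audit a real machine, pass the text produced by netstat -an to find_simple_tcp_listeners in place of the sample; an empty result means none of the five ports is listening.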